Smart cities may sound like a thing of the future, but we’re approaching the realization of that concept with the use of IoT devices. When they create complex, city-wide grids that are strongly centralized, they can provide great convenience to the people using them. But they also inherently grow more vulnerable.

How does this bode for the future in which the UN predicts 70% of the world’s population will move to cities? By 2050, we might have these IoT systems developed to greatly benefit the citizens by reducing costs and decreasing the infrastructural strain. But how can we protect them?

Global spending on smart city projects in 2018 was more than $80 billion, which is a significant sum that clearly shows the dedication of governments and municipalities to improve city functionality around the world. A city’s IoT grid has to be centralized to be sufficiently interconnected. A smart city requires more than isolated grids, but this requirement makes it vulnerable.

When we take into consideration how different some of these smart city projects are and the variety of IoT devices that are used today, it becomes clear why these systems are so difficult to secure. Without a unifying cybersecurity standard for all IoT devices, as well as built-in protection, it’s extremely difficult and not cost-effective to secure separate systems. As they are all connected in a smart city grid anyway, one weak link could spell trouble for all the others.

Since every device can be an entry point capable of undermining the security of the whole system, we need to take a closer look at specific vulnerabilities of smart city IoT systems. Once one device is compromised, it’s possible to extract its confidential data, disrupt its functionality, or use it to infiltrate the network further.

An interconnected smart city grid has a lot of different segments, and they all use the same or similar protocols to communicate. These are usually M2M protocols, which are extremely vulnerable to cyberattacks.

To ensure the required level of security of interconnected IoT devices in smart cities, we need to approach the cybersecurity issue on multiple levels. The first step is a comprehensive analysis of our systems, uses and weaknesses of individual devices, and how they are going to develop in the future.

That should provide us with the insights we need to come up with a thorough and all-encompassing cybersecurity certification that every IoT device should possess before being approved for use. For some, that might mean some built-in protection, while others would likely be protected by following standard cybersecurity practices.

Finally, we need to ensure ongoing device monitoring with the purpose of active, real-time protection. Devices that are often used as attacker entry points should be able to detect intrusion and protect against it.

As cities begin to rely on IoT devices more and more to ensure improved functionality, IoT developers and manufacturers need to worry about making IoT devices more secure. Only that will ensure that we walk into the future, not fearing cybercrime, but defeating it.